OpenSSH trojaned; is ebuild affected?

slinkan · n00b Joined: 08 May 2002 Posts: 5 Location: SWE

Just read over at LWN that the latest SSH is Trojaned on openbsd's ftp, does anyone know if the latest ebuild is affected by this trojan?

Or for that matter ANY ebuild of openSSH?

thanks!

regards
slinkan

Chris W · Posted: Fri Aug 02, 2002 8:51 am Post subject:

That modification does not appear in the openssh-3.4p1.tar.gz in my distfiles copy (from the Gentoo IBiblio site).
_________________
Cheers,
Chris W
"Common sense: The collection of prejudices acquired by age 18." -- Einstein

slinkan · n00b Joined: 08 May 2002 Posts: 5 Location: SWE

Soupy · n00b Joined: 22 Jul 2002 Posts: 9

If you, theoretically, managed to end up with the trojaned openssh sources when you tried to run that ebuild, it should have failed the md5 sum check and not built.

Zu` · l33t Joined: 26 May 2002 Posts: 716 Location: BE

pjp · Administrator Joined: 16 Apr 2002 Posts: 20586

Just in case anyone else finds this... there are several threads on this topic already:
Posted: Wed Jun 26th, 2002 14:07 Post subject: OpenSSH 3.4
Posted: Wed Jun 26th, 2002 20:35 Post subject: [gentoo-announce] GLSA: OpenSSH (The official Gentoo Security announcement)
Posted: Thu Aug 01st, 2002 07:44 Post subject: Trojan in OpenSSH 3.4p1(locked in favor of this next one)
Posted: Thu Aug 01st, 2002 06:19 Post subject: FYI: OpenSSH Trojan.

This thread was "Posted: Fri Aug 02nd, 2002 02:24".

I'm mainly trying to demonstrate why using search is important.
_________________
Quis separabit? Quo animo?